Introduction
When building applications using Webpack, developers may encounter an error titled "ERR_OSSL_EVP_UNSUPPORTED." This typically arises from changes introduced in newer versions of OpenSSL and Node.js. Specifically, this issue can occur when Node.js 17 or later is used due to deprecated hash algorithms like MD4 no longer being supported.
This tutorial will guide you through understanding the root cause of this error and provide several methods to resolve it effectively without having to downgrade your Node.js version.
Understanding the Issue
The error "ERR_OSSL_EVP_UNSUPPORTED" indicates that an unsupported digital envelope routine is being used, primarily linked with MD4 hashing. In modern OpenSSL versions bundled with Node.js 17+, MD4 is deprecated for security reasons. Webpack, by default in older configurations, might still rely on this algorithm when generating hash values during the build process.
Solutions to Resolve ERR_OSSL_EVP_UNSUPPORTED
Method 1: Use Legacy Provider
For a quick temporary fix without altering your project configuration:
export NODE_OPTIONS=--openssl-legacy-provider
This environment variable allows Node.js to use OpenSSL’s legacy provider, which supports MD4 temporarily. This solution is not recommended for production environments due to potential security implications.
Method 2: Update Webpack Configuration
If you’re using a recent version of Webpack (v5.54.0 or later), change the hashing function used during builds:
module.exports = {
output: {
hashFunction: 'sha256' // Change from default 'md4'
}
};
This approach uses SHA-256 instead, which is supported by modern OpenSSL versions.
Method 3: Modify Cryptographic Function (Temporary Fix)
For those who cannot update their Webpack configuration directly, you can temporarily patch the hashing function:
import crypto from "crypto";
const originalCreateHash = crypto.createHash;
Object.assign(crypto, {
createHash(algorithm) {
return originalCreateHash(algorithm === "md4" ? "sha256" : algorithm);
}
});
This JavaScript snippet redirects MD4 calls to SHA-256 within Node.js during the build process.
Method 4: Configure OpenSSL for Legacy Support
If you’re unable to modify Webpack’s configuration, consider configuring OpenSSL to allow legacy algorithms temporarily:
-
Create an
openssl.cnffile with the following content:openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] default = default_sect legacy = legacy_sect [default_sect] activate = 1 [legacy_sect] activate = 1 -
Set the
OPENSSL_CONFenvironment variable to point to this file:export OPENSSL_CONF=/path/to/openssl.cnf
This configuration activates OpenSSL’s legacy provider temporarily.
Best Practices
- Upgrade Webpack: If possible, upgrade to a newer version of Webpack that supports updated hashing algorithms.
- Node.js LTS Version: Consider using the Long Term Support (LTS) versions of Node.js for more stability and compatibility with older libraries.
- Security Considerations: Avoid relying on legacy cryptographic functions in production environments due to security risks.
Conclusion
By understanding the root cause of "ERR_OSSL_EVP_UNSUPPORTED" and applying one of the outlined solutions, you can resolve Webpack build failures caused by deprecated hashing algorithms. Choose a solution that best fits your project requirements and environment constraints, keeping security implications in mind.